Do you have a news story for The Caretakers' Website?

If you have a news item for The Caretakers' Website, we would love to hear from you. CLICK HERE to send us the text for your news story and include any images you would like us to show with the article. This is not a commercial service, so no adverts or product releases.

Section: News

Advice about school website security (encryption) for School Caretakers

You would think that schools would be at the cutting edge of technology, but here at The Caretakers' Website, we often visit school websites at the request of schools to pick up information about job vacancies. Yet, few have any form of SSL encryption on their websites. But, they do have many areas on their websites where visitors are asked to complete web forms or enter text into email forms. All areas where personal information could be stolen such as email addresses, names and other personal details...

Banks have recently included information about checking a websites security before sharing information with the site and we suggest you also do this before completing forms on school websites.

Your browser does not support the video tag.

In the address bar of your browser you should see a padlock. This shows you that the website has a SSL certificate and any information passed between your computer and the server where the school website is held will be encrypted. If you see a green padlock, this shows that additional encryption has been applied and this is required when making purchases or paying in money online.

The images above were taken from a Microsoft Edge browser. But all modern browsers should show you the same type of symbols. Older browsers such as Internet Explorer do not show you details about non-encrypted websites (if Internet Explorer doesn't show you a padlock in the address bar, assume that the site is not encrypted). We would recommend that you use an up-to-date browser.

So we advise all users who complete a form online (including completing email forms) to just check the security of the website and satisfy themselves that they are happy to share information with the site.

If a school website includes an area for making payments (E.g. paying in advance for school meals) ensure that section of the website has a green padlock and is fully secure. DO NOT share credit/debit card details with a non-encrypted website.

Here are 3 examples of websites with different levels of encryption: These 3 websites were used to take the information shown in the image above.

Unsecure webpage. No encryption:http://www.thestleonardsacademy.org.uk/contactNote the email form on the right from which your name and email address could be harvested (including any personal information you include in the message box).

Secure webpage with encryption:https://www.thecaretakers.co.uk/CMS2OK, this is our website. We added SSL encryption to protect our visitors and editors who log-in to add news stories and jobs vacancies.

Very secure webpage with encryption:https://www.nwolb.com/default.aspxYou would expect a bank or shop to have this level of encryption as you are sharing very sensitive personal information like credit card details.

A secure encrypted webpage will always have the address starting with https://

I will also add that some sites are made up with multiple pages and sections and each page may have a different level of encryption. Just be aware if a form is asking you to enter personal information, to check the address bar to see if it is secure to do so. I have come across some shops on the internet that have no security at all and I have chosen not to use them. It is often better to be safe than sorry. You may often find the same product on another site that is secure.

Some browsers have gone a step further and if you are viewing an unsecured website will show a slash screen to warn the user that the site in not secure.

As for schools, we would advise they look at their websites and include encryption where they expect users to enter information into forms. Most IT technicians should know how to implement SSL security certificates - shouldn't they?